Three MediaWiki extensions to integrate Nostr functionality:
- NostrEditPost - Posts all edits as Nostr kind 1 notes
- NostrAuth - NIP-07 browser extension authentication
- NostrNIP5 - Serves NIP-5 verification via .well-known/nostr.json
- Clone or download these extensions to your MediaWiki
extensions/directory - Add to
LocalSettings.php:
// Shared relay configuration (used by all extensions)
$wgNostrRelays = [
'wss://relay.damus.io',
'wss://nos.lol',
// Add more relays as needed
];
// NostrEditPost Extension
wfLoadExtension( 'NostrEditPost' );
$wgNostrEditPostEnabled = true;
$wgNostrNsec = 'nsec1...'; // Optional: private key for signing events
// NostrAuth Extension
wfLoadExtension( 'NostrAuth' );
$wgNostrAuthEnabled = true;
$wgNostrAllowedNIP5Domains = null; // null = no restriction, or array like ['example.com', 'wiki.org']
// NostrNIP5 Extension
wfLoadExtension( 'NostrNIP5' );
$wgNostrNIP5Enabled = true;Array of Nostr relay URLs. All extensions that need relay access will use this shared configuration.
Example:
$wgNostrRelays = [
'wss://relay.damus.io',
'wss://nos.lol',
'wss://relay.snort.social'
];Validation:
- URLs must start with
wss://orws:// - Invalid URLs will be logged but won't break the wiki
Enable or disable posting edits to Nostr.
Optional private key (nsec) for signing Nostr events. If not provided, events will be posted unsigned (may be rejected by some relays).
Security Note: Store nsec securely. The LocalSettings.php file should have restricted permissions (e.g., 600) and not be web-accessible.
Enable or disable Nostr authentication.
Whitelist of allowed NIP-5 domains for authentication. Set to null to allow all domains, or provide an array:
$wgNostrAllowedNIP5Domains = ['example.com', 'wiki.org'];Enable or disable the NIP-5 verification endpoint.
Once enabled, all page edits will automatically be posted to Nostr as kind 1 notes. The note format is:
Edit: [Page Title] - [Edit Summary] [Diff URL]
Users can log in using their Nostr browser extension:
- Navigate to
Special:NostrLogin - Click "Login with Nostr"
- Approve the signature request in your Nostr browser extension
- You'll be logged in and a MediaWiki account will be created if needed
Users can set their Nostr public key (npub) in their user preferences. Once set, the NIP-5 endpoint will be available at:
/.well-known/nostr.json?name=[username]
This returns JSON in the format:
{
"names": {
"username": "hex_pubkey"
}
}- MediaWiki 1.42+
- PHP 7.4+ (or as required by MediaWiki 1.42)
- Optional: PHP secp256k1 extension for cryptographic operations (recommended for production)
The extensions use shared utilities in the NostrUtils/ directory for:
- Bech32 encoding/decoding (npub/nsec <-> hex)
- Event signing and verification
- Cryptographic operations
-
nsec Storage: The private key (nsec) should be stored securely. Consider using environment variables or encrypted storage instead of
LocalSettings.phpfor production deployments. -
NIP-5 Verification: When using domain restrictions, ensure the whitelist is properly configured to prevent unauthorized access.
-
Challenge Signing: Authentication challenges use secure random nonces and timestamps to prevent replay attacks.
-
File Permissions: Ensure
LocalSettings.phphas restricted permissions (600) and is not web-accessible.
- Check that
$wgNostrRelaysis configured correctly - Verify relay URLs are accessible
- Check MediaWiki logs for errors
- Ensure nsec is valid if signing is required
- Verify the Nostr browser extension is installed and enabled
- Check that
$wgNostrAuthEnabledis set totrue - Review MediaWiki logs for authentication errors
- Ensure NIP-5 domain restrictions are configured correctly if enabled
- Verify
$wgNostrNIP5Enabledis set totrue - Check that users have set their npub in preferences
- Ensure the
.well-known/nostr.jsonpath is accessible (may require web server configuration)
MIT